Contrary to what some companies want you to believe, very little of what you share or post privately online is actually private. More importantly, you have little or no influence over who has access to what information past the first share. There is no control.
I am not talking about current alleged NSA activities, although if you were surprised when you found out about that I have some very bad 15-year-old news for you. I also do not mean in the sense that the Internet is #neuland or anything else.
I am talking about actual functional GUIs that do absolutely nothing.
Emergency Exits at 30,000 Feet
Forget the privacy dashboard, your share settings, your Facebook privacy control, your layers of circles that could make an onion cry. They. Do. Nothing. They are like the safety pamphlets on airplanes where a 600 mile an hour landing leaves the passengers looking calm as hindu cows. They are the proverbial exit at 30,000 feet. Different networks have different types of privacy settings. What they have in common is that privacy is something they will not be able to provide.
What is shared publicly on twitter can be limited to a small set of friends on Facebook or shared with any or no circles on Google+. I am going to go ahead and limit this post to cover two things. Photos and access to these photos.
Pics Or It Didnt’t Happen
Here is a picture of how we keep up with time zones in the office:
I uploaded that to Facebook and it is set to “only me”. Now I extract the link where the image is stored online.
I can take that link, send it to anyone in the world and they will be able to open the link, see the image and if they want to store it locally.
The How, The Why and The Ugly.
“But, how can that be?”, is usually the first response. The second is outrage. People do not understand how sharing works. This is largely in part because marketers have an easier job if you believe your content is safe, lawyercats are happier if privacy policies do not go into detail about what it means to share access to digital files and product managers have enough on their plates trying to meet the commitments in the next sprint.
Scale is hard. Billions of images and millions of users is massive scale and equally massive hard. A content delivery network is the only feasible solution for providing the service of image hosting and sharing. The way that hosting is set up means that, in this case, images are assigned URLs so that they can be called by websites. This is the vector that can be used to distribute images without the further recipients actually being granted permissions.
Why: Accessibility != Access
Just because I can (could if so inclined and provided with the means) does not necessarily mean I can (spur of the moment) access “private” content on major (and most smaller) networks. While true that I, and now also you, can access these images I needed to have access to them through the networks in the first place.
Ugly: Two men can keep a secret…
Sharing is based on trust. In the event you do not want something shared beyond the person you originally shared it with, make sure you trust them not to spread it. It does not matter if the access is a link like the case above, or a screenshot, or a nannycam with a view of the computer screen. The issue is that most users will upload and feel in control of their images. The problem is that a privacy dashboard, or whatever it may be called, implies that the user actually has control over the dissemination of their content post post or post share.
The simple solution, which nobody is going to be happy with, is: when you post online operate under the assumption that anything and everything can and will be accessed by anyone and everyone. If you are not comfortable with this, do not post it. Welcome to the definition of open.
Information wants to be free.